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REASONS IN SUPPORT OF APPLICANTS' 
PRE- APPEAL BRIEF REQUEST FOR REVIEW 

This document is submitted in support of the Pre-Appeal Brief Request for Review that 
is filed concurrently herewith along with a Notice of Appeal in compliance with 37 C.F.R. 41 .3 1 
and with the rules set out in the OG Notice of July 12, 2005 for the New Appeal Brief 
Conference Pilot Program. 

It is not believed that an extension of time and/or additional fee(s)-including fees for net 
addition of claims-are required, beyond those that may otherwise be provided for in documents 
accompanying this paper. In the event, however, that an extension of time is necessary to allow 
consideration of this paper, such an extension is hereby petitioned under 37 C.F.R. §1.1 36(a). 
Any additional fees believed to be due in connection with this paper may be charged to our 
Deposit Account 09-0461 . 



REMARKS 

Applicants hereby request a Pre-Appeal Brief Review (hereinafter "Request") of the 
claims finally rejected in the Final Office Action mailed October 20, 2005 ("Final Office 
Action") and the Advisory Opinion mailed January 9, 2006 ("Advisory Opinion"). The Request 
is provided herewith in accordance with the rules set out in the OG dated July 12, 2005. 

Claims 1-12, 14, 16-18, 20 and 22-35 stand finally rejected under 35 U.S.C. § 102(e) as 
anticipated by U.S. Patent No. 6,175,917 to Arrow et al. ("Arrow"). 
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Applicants submit that the rejections are based on a clear error in understanding the 
applied reference, and that the Final Office Action and Advisory Opinion have failed to establish 
anticipation of the Claims. Accordingly, Applicants request review of the present application by 
an appeal conference prior to the filing of an appeal brief. In the interest of brevity and without 
waiving the right to argue additional grounds should this Petition be denied, Applicants will only 
discuss some particular errors made in the rejections of the independent Claims 1 and 33-35. 

In brief, Arrow discloses an enterprise-wide virtual private network (VPN) for securing 
communications of an application program running in a host computer using a VPN unit 
implemented in software in the host computer. The Final Office Action and the Advisory 
Opinion erroneously assert that security processing performed by the software-based VPN unit 
of Arrow is initiated at the direction of the host processor operating system rather than at the 
direction of the VPN control unit. This assertion is made without citation of any specific 
teaching of Arrow that security processing is initiated at the request of the host computer 
operating system and despite the fact that such operation would defeat the purpose of having an 
enterprise-managed VPN system. Based on this erroneous understanding of Arrow, the Final 
Office Action and the Advisory Opinion conclude that Arrow anticipates Claim 1 , which is 
directed to a method of providing security processing for an application program at the initiation 
of a local host operating system under which the application program is running - i.e. the 
opposite of enterprise-managed security processing as taught by Arrow. 

Independent Claim 1 recites (emphasis added): 

1 . A method of performing security processing in a computing network 
comprising a local unit having an operating system kernel executing at least one 
application program, comprising: 

receiving a first request at the operating system kernel from the 
application program to initiate a communication with a remote unit; 

providing a second request from the operating system kernel to a 
security offload component which performs security handshake processing, 
the second request directing the security offload component to secure the 
communication with the remote unit ; and 

providing a control function in the operating system kernel for initiating 
operation of the security handshake processing by the security offload 
component. 

Similarly, Independent Claim 33 recites (emphasis added): 

33. A method of performing security processing in a computing network 
including a local unit having an operating system kernel executing at least one 
application program, comprising: 



In re: Brabson et aL 
Application No.: 10/007,581 
Filed: December 5, 2001 
Page 3 

providing a security offload component which performs security session 
establishment and control processing; 

providing a control function in the operating system kernel for initiating 
operation of the security session establishment and control processing by the 
security offload component; 

receiving a request at the operating system kernel from the 
application program to initiate a communication with a remote unit ; and 

directing the security offload component to secure the communication 
with the remote unit in response to the request . 

Independent Claims 34-35 are system and computer program product claims containing 
recitations similar to those of Independent Claim 33. Applicants respectfully submit that at least 
the highlighted recitations of Claims 1 and 33, and the corresponding recitations of Claims 34- 
35 5 are not disclosed by Arrow. Accordingly, the Final Office Action and Advisory Opinion, 
have failed to establish anticipation of Claim 1 or Claims 33-35. 

In rejecting Claim 1, the Final Office Action erroneously contends on Page 2 that Arrow 
teaches providing a second request from the operating system to a security offload component 
which performs security handshake processing, the second request directing the security offload 
component to secure the communication with the remote unit. In making this rejection, the 
Final Office Action has merely copied the recitations of Claim 1 and provided no specific 
explanation of how the cited portions of Arrow disclose this recitation. 

In the August 22, 2005 Amendment and the December 15, 2005 Request for 
Reconsideration, the Applicants pointed out that Arrow discloses a virtual private network 
(VPN) in which VPN units perform security management functions for VPN clients over a 
shared network, and that the security processing is not controlled by the VPN client. Rather, as 
expressly stated by Arrow, the VPN units are controlled by a VPN management station 160 
"through commands and configuration information transmitted to the respective VPN unit" 
through a public network. (Arrow, col. 6, 11. 31-34.) Arrow further states expressly that "secure 
data communications between end users are achieved in a way that is transparent to the end 
users." (Arrow, col. 7, 11. 5-7.) Accordingly, Arrow teaches an enterprise-managed security 
system designed to permit users to communicate transparently with one smother in a secure 
manner across insecure public networks, i.e. a VPN. 

In sharp contrast to the VPN security processing system of Arrow that is controlled by a 
remote VPN management station, Claim 1 recites "receiving a first request at the operating 
system kernel from the application program to initiate a communication with a remote unit" and 
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"providing a second request from the operating system kernel to a security offload component 
which performs security handshake processing, the second request directing the security offload 
component to secure the communication with the remote unit." Thus in a system according to 
Claim 1, security processing is not controlled by a remote VPN management station, but rather 
is initiated in response to a first request at the operating system kernel from the application 
program to initiate a communication with a remote unit, which is followed by a second request 
from the operating system kernel to a security offload component directing the security offload 
component to secure the communication with the remote unit. Unlike a VPN, a method as 
recited in Claim 1 need not require enterprise-wide coordination. 

The Final Office Action notes that VPN units may be implemented as software that 
"operates in conjunction with the communication software for connecting a remote client with 
its associated Internet Service Provider." Final Office Action at 13. The Final Office Action 
concludes that "therefore, for remote clients, VPN units 145, 155 are not controlled by the VAN 
(sic) management station 160." Id. (emphasis added). 

Applicant respectfully submits that this understanding of Arrow is erroneous. The Final 
Office Action cites no passage from Arrow in support of this conclusion. In contrast, Arrow 
expressly states that the system disclosed therein includes "VPN units 115, 125, 135, 145 and 
155 operating under the control of VPN management station 160 ." (Arrow, col. 5, 11. 51- 
53)(emphasis added). 

Thus, for purposes of controlling security processing, Arrow makes no distinction 
between VPN units that are implemented in software and those that are implemented as 
standalone hardware units. For example, Arrow further states that "[o]ne function of VPN 
management station 160 is to manage the configuration of VPN units , such as VPN unit 115, 
through issuance of configuration requests." (Arrow, col. 14, 11. 33-35) (emphasis added). 
Applicants can find no indication that the VPN management station of Arrow does not manage 
the configuration of VPN units that are implemented in software, as asserted in the Final Office 
Action. Furthermore, as Arrow expressly says that the VPN management station 160 is 
controlling the operation of the VPN units such as VPN units 145, 155, it is illogical and 
contrary to the teaching of Arrow to conclude that the VPN management station is controlling 
something other than the security processing operations of the VPN units. 

Thus, the fact that some VPN units of Arrow may be implemented in software is 
immaterial to the patentability of Independent Claims 1 and 33-35. Regardless of how the VPN 
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units are implemented, Arrow does not teach that security processing of the VPN units is 
initiated by a request sent from the operating system kernel to a security offload component 
which performs security handshake processing in response to request at the operating system 
kernel from an application program to initiate a communication with a remote unit, as recited in 
Claim 1 . Accordingly, Applicants respectfully submit that Arrow does not anticipate Claim 1 , 
and respectfully request that the rejection of Claim 1 be withdrawn. 

Similarly, Arrow does not teach receiving a request at the operating system kernel from 
the application program to initiate a communication with a remote unit, and directing the 
security offload component to secure the communication with the remote unit in response to the 
request, as recited in Claim 33. Accordingly, Applicants respectfully submit that Arrow does 
not anticipate Claim 33, and respectfully request that the rejection of Claim 33 be withdrawn. 

For at least these reasons, Applicants submit that the Final Office Action and Advisory 
Opinion have failed to establish that Arrow discloses the underlined recitations of Claims 1 and 
33, and, consequently, have failed to provide show anticipation of Claim 1. 

Independent Claims 34-35 contain recitations similar to the underlined portions of Claim 
33. Consequently, Applicants submit that the Final Office Action and Advisory Opinion have 
failed to provide show anticipation of Claims 34-35 for the reasons explained above for Claim 



The dependent claims are patentable per the patentability of the independent claims from 
which they depend. Accordingly, Applicants respectfully request that the present application be 
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